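        /// <summary>
        /// Authorizes a request that carries a <c>Bearer</c> token in the <c>Authorization</c> header.
        /// The token is deserialized with the registered <see cref="IHmacSerializer{T}"/> and the
        /// resulting value is compared with the single shared <c>"password"</c> option read from
        /// <see cref="IConfigurationService"/>. On success the current controller is flagged as admin;
        /// on any failure a 401 response is assigned to <paramref name="actionContext"/> so the
        /// action does not run.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized; its Response is set on failure.</param>
        /// <param name="cancellationToken">Not observed by this filter (the configuration lookup takes no token).</param>
        public override async Task OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
        {
            var configService = GlobalDependencyResolver.GetService<IConfigurationService>();
            var serializer    = GlobalDependencyResolver.GetService<IHmacSerializer<string>>();
            var authorization = actionContext.Request.Headers.Authorization;
            var scheme        = authorization?.Scheme;
            var token         = authorization?.Parameter;

            // Only the Bearer scheme is accepted; an absent header, another scheme, or an empty
            // parameter is rejected before any deserialization work is done.
            if (!string.Equals(scheme, "Bearer", StringComparison.Ordinal) || string.IsNullOrEmpty(token))
            {
                actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
                {
                    Content = new StringContent("Authorization required for this request")
                };
                return;
            }

            // NOTE(review): Deserialize may throw on a malformed or badly-signed token; the exception
            // type is not visible here, so it is left to propagate rather than caught blindly.
            var password     = serializer.Deserialize(token);
            var truePassword = await configService.GetOption<string>("password");

            // Fail closed: a token that deserializes to null/empty must never match a missing or
            // empty configured password (a plain != treats null == null as a match and would grant
            // admin). The comparison is also constant-time so response latency does not reveal how
            // many leading characters of the configured password a supplied value shared.
            if (string.IsNullOrEmpty(password) || string.IsNullOrEmpty(truePassword) || !SecretsMatch(password, truePassword))
            {
                actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
                {
                    Content = new StringContent("Invalid security token")
                };
                return;
            }

            ((BaseApiController)actionContext.ControllerContext.Controller).IsAdmin = true;
        }

        /// <summary>
        /// Compares two secrets without short-circuiting on the first differing character, so the
        /// time taken does not depend on where the strings diverge. Differing lengths are rejected
        /// immediately (the same trade-off the framework's fixed-time comparison makes).
        /// </summary>
        /// <param name="supplied">Value taken from the request.</param>
        /// <param name="expected">Value taken from configuration.</param>
        /// <returns><c>true</c> when both are non-null and identical, ordinal character by character.</returns>
        private static bool SecretsMatch(string supplied, string expected)
        {
            if (supplied == null || expected == null || supplied.Length != expected.Length)
            {
                return false;
            }

            var difference = 0;
            for (var i = 0; i < supplied.Length; i++)
            {
                // Accumulate every mismatch with OR instead of returning early.
                difference |= supplied[i] ^ expected[i];
            }
            return difference == 0;
        }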
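        /// <summary>
        /// Authorizes a request using the <c>AUTH</c> cookie: the cookie's value is validated with
        /// <see cref="IUserService.CheckToken"/> and, when it resolves to a user, that user is stored
        /// on the current <see cref="BaseApiController"/>. Otherwise a 401 response is assigned to
        /// <paramref name="actionContext"/> so the action does not run.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized; its Response is set on failure.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            var userService = GlobalDependencyResolver.GetService<IUserService>();

            // GetCookies("AUTH") yields whole Cookie header values that contain an AUTH cookie; such a
            // header may also carry unrelated cookies, so the AUTH state is selected by name instead of
            // taking whichever cookie happens to come first in the header.
            var cookieHeader = actionContext.Request.Headers.GetCookies("AUTH").FirstOrDefault();
            var token        = cookieHeader?["AUTH"]?.Value;

            if (string.IsNullOrEmpty(token))
            {
                actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
                {
                    Content = new StringContent("Authorization required for this request")
                };
                return;
            }

            // This override is synchronous, so the asynchronous token check must be blocked on.
            // GetAwaiter().GetResult() surfaces the service's own exception instead of wrapping it
            // in an AggregateException; the sync-over-async blocking itself remains (TODO: consider
            // overriding OnAuthorizationAsync so the check can be awaited).
            var user = userService.CheckToken(token).GetAwaiter().GetResult();

            if (user == null)
            {
                actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
                {
                    Content = new StringContent("Invalid security token")
                };
                return;
            }

            ((BaseApiController)actionContext.ControllerContext.Controller).CurrentUser = user;
        }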